1. Field of the Invention
The present invention relates to a technique of reserving execution of a job requiring authentication included in an application program and executing the job.
2. Description of the Related Art
An image processing apparatus such as a printer, a copier, a scanner or a facsimile machine has various functions and abilities for adjustment for a particular purpose or combination of purposes. The image processing apparatus having such functions is generally a multi function peripheral (MFP) having a combination of two or more functions of conventionally separate apparatuses. The MFP may have an arbitrary number of functions. Generally, the MFP has functions of a printer, an image reader, a copier and a facsimile machine.
Further, among image processing apparatuses of this type, some apparatus have a computing resource for data storage and processing (for example, a processor, a hard disk drive, a memory and other devices). Then, as more complicated image processing apparatus and MFP, an apparatus having a network connection function for communication with e.g. another computing device (for example, a personal computer, another image processing apparatus, a network server or another device). This connection function enables the image processing apparatus to use an external resource (another computing device) available on the connected network.
Further, these image processing apparatuses have an input panel with plural buttons, knobs and other user input mechanisms. Further, some image processing apparatuses have a display panel. This display panel may be used only for display, or may be used for a user's direct input on the display. An apparatus having a touch panel or an apparatus having hardware key buttons in addition to the display panel can display menu data for user's selection input. The function corresponding to the menu data is performed by a server module generally installed in the image processing apparatus.
Further, in these image processing apparatuses, authentication processing is required in accordance with the application program. The problem is that, even when plural application programs to use the same authentication information exist, it is necessary to input authentication information in respective use of the application programs. To solve the problem, Single sign-on (SSO) is known.
For example, Japanese Patent Laid-Open No. 2003-50781 discloses a system having an authentication database to store authentication information including information for personal authentication based on an inputted ID number and a password. In this system, a client PC requests authentication information from the authentication database, then obtains the authentication information and temporarily stores the information on the client PC. Then the client PC starts an arbitrary application program based on the temporarily-stored authentication information by its authentication core.
Further, a method for realizing Single sign-on in the image processing apparatus by volatile shared authentication information (credential) management system as follows is known.
FIG. 1 is a block diagram for explanation of general authentication information management method. In this example, for the sake of convenience of explanation, as the time axis, time elapses in a top-to-bottom direction in FIG. 1.
A shared credential service 101 for volatile credential management is registered as one of services of the image processing apparatus. Upon log-in time, a log-in application (log-in service) 102 generates a log-in context_A 105 from log-in information. The log-in context_A 105 is an interface provided with the log-in application 102 so as to obtain user information for authentication. The log-in application 102 generates a credential_A 106 and registers the credential_A 106 in the shared credential service 101. At this time, the shared credential service 101 manages this credential with the log-in context_A 105 as a key. Similarly, an application_A 103 can register a credential_B 107 with respect to the shared credential service 101. As a result, as denoted by numeral 120, the shared credential service 101 links the plural credentials_A 106 and B 107 to the user's log-in context_A 105 and manages the plural credentials_A 106 and B 107.
FIG. 2 depicts a view illustrating an example of a credential management table at this time. In this example, the credentials_A 106 and B 107 linked to the log-in context_A 105 and the credentials_C and D linked to the log-in context_B are managed. Note that in FIG. 1, only the status where the credentials_A 106 and B 107 are linked to the log-in context_A 105 is shown.
On the other hand, an example where a job_B 153 is executed by an application_B 104 to re-use the credential_A 106 obtained by the shared credential service 101 will be described. In this case, the job_B 153, to access a PC 108 using the credential_A 106, is enabled to obtain or refer to the credential_A 106 from the credential management table in FIG. 2, with designation of the log-in context_A 105 as a key with respect to the shared credential service 101. Thus the job_B 153 accesses the PC 108 using the credential_A 106. Further, thereafter, upon execution of log-out, the log-in context_A 105 is deleted. Further, the shared credential service 101 can release all the registered credential information (credential_A 106 and credential_B 107) linked to the log-in context_A 105 and under the volatile management.
Such a Single sign-on system has the following problems.
In the above-described image processing apparatus, when a user has logged in and reserved a job, there is a possibility that the job is executed after log-out of the user. At this time, as described above, when a credential is managed with a log-in context_A as a key, the log-in context is deleted upon log-out. Then, as the registration of the credential is also released in accordance with the deletion, the job referring to the credential cannot be executed.
Accordingly, in the conventional technique, when transmission of image data obtained by image scanning is reserved, a user name and a password are inputted upon reservation of the transmission, and this function is realized based on the inputted user name and password. In this manner, conventionally, it is necessary for each application to manage a user name and password to execute a job. Further, as each application manages authentication information, there is a security problem, and further, the load is heavy in consideration of management cost.
Accordingly, it is necessary to provide a frame work of Single sign-on authentication in consideration of the problem upon execution of a reserved job after log-out.